Stilgar
5th April 2003, 15:02
Security Advisory - RHSA-2003:109-12
------------------------------------------------------------------------------
Summary:
Updated balsa and mutt packages fix vulnerabilities
New Balsa, Mutt, and libesmtp packages that fix potential buffer overflow
vulnerabilities are now available.
Description:
Mutt is a text-mode email client. Balsa is a GNOME email client which
includes code from Mutt.
A potential buffer overflow in Mutt version 1.4 exists when parsing mailbox
names returned by an IMAP server. It is possible that a hostile IMAP server
could cause arbitrary code to be executed by the user running Mutt. This
issue affects versions of Mutt provided with Red Hat Linux 8.0 and Red Hat
Linux 9.
Versions 1.2 and higher of Balsa incorporate the vulnerable Mutt IMAP code
and are therefore vulnerable to this issue as well. It is possible that a
hostile IMAP server could cause arbitrary code to be executed by the user
running Balsa. This issue affects Red Hat Linux 7.2, 7.3, 8.0 and 9.
Additionally, a buffer overflow in libesmtp, an SMTP library used by Balsa,
before version 0.8.11 allows a hostile remote SMTP server to execute
arbitrary code via a certain response or cause a denial of service via long
server responses. This issue only affects versions of libesmtp provided by
Red Hat Linux 7.2 and 7.3.
Users of Mutt and Balsa are recommended to update to these erratum packages
containing updated versions of Mutt, Balsa, and libesmtp which are not
vulnerable to these issues.
------------------------------------------------------------------------------
Summary:
Updated balsa and mutt packages fix vulnerabilities
New Balsa, Mutt, and libesmtp packages that fix potential buffer overflow
vulnerabilities are now available.
Description:
Mutt is a text-mode email client. Balsa is a GNOME email client which
includes code from Mutt.
A potential buffer overflow in Mutt version 1.4 exists when parsing mailbox
names returned by an IMAP server. It is possible that a hostile IMAP server
could cause arbitrary code to be executed by the user running Mutt. This
issue affects versions of Mutt provided with Red Hat Linux 8.0 and Red Hat
Linux 9.
Versions 1.2 and higher of Balsa incorporate the vulnerable Mutt IMAP code
and are therefore vulnerable to this issue as well. It is possible that a
hostile IMAP server could cause arbitrary code to be executed by the user
running Balsa. This issue affects Red Hat Linux 7.2, 7.3, 8.0 and 9.
Additionally, a buffer overflow in libesmtp, an SMTP library used by Balsa,
before version 0.8.11 allows a hostile remote SMTP server to execute
arbitrary code via a certain response or cause a denial of service via long
server responses. This issue only affects versions of libesmtp provided by
Red Hat Linux 7.2 and 7.3.
Users of Mutt and Balsa are recommended to update to these erratum packages
containing updated versions of Mutt, Balsa, and libesmtp which are not
vulnerable to these issues.